CLAIM AMENDMENTS 



1 1 . (currently amended) A method for controlling input/output (I/O) operations of 

2 a user's computer comprising the following steps: 

3 implementing the user's computer as a virtual machine (VM); 

4 including a v i rtua l mach i n e mon i tor (VMM) as a VM - transparont an interface 

5 software component between the VM and a physical computer system that includes at 

6 least one device; 

7 in the VMM interface software component : 

8 sensing a request for an I/O operation between the VM and the device; 

9 performing a transformation of I/O data passing between the VM and the device, 

10 said transformation being adjunct to necessary completion of the request, as issued, for 

11 the I/O operation; 

12 the transformation of the I/O data thereby being undefeatable by any user action 

13 via the VM. 

1 2. (currently amended) A method as in claim 1 , in which: 

2 the device is a display; 

3 the I/O data is VM display data output from the VM and intended for display; and 

4 the transformation is a replacement of at least a portion of the VM display data 

5 with non-defeatable display data stored external to the VM but accoss i b l o to tho VMM ; 

6 further including the step of displaying the VM display data with the non- 

7 defeatable display data overlaid. 

1 3. (previously presented) A method as in claim 1, further including the following 

2 steps: 

3 filtering the I/O data with respect to at least one predetermined filtering condition; 

4 and 

5 performing the transformation of the I/O data only when the filtering condition is 

6 met. 
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1 4. (previously presented) A method as in claim 3, in which the filtering condition 

2 is that the I/O data includes at least one restricted term. 

1 5. (previously presented) A method as in claim 3, in which the filtering condition 

2 is that the I/O data is from a restricted source. 

1 6. (previously presented) A method as in claim 3, in which: 

2 the I/O data includes image data; 

3 the step of filtering the I/O data comprises detecting the presence of a 

4 representation of a target image within the image data; and 

5 the transformation is substitution of a representation of a replacement image in 

6 place of the representation of the target image. 

1 7. (original) A method as in claim 6, in which: 

2 the I/O data is in a non-character image format; 

3 the target image is a representation of a restricted character string; and 

4 the step of filtering the I/O data comprises applying character recognition to the 

5 I/O data. 

1 8. (previously presented) A method as in claim 3, in which the filtering condition 

2 is the presence in the I/O data of a copy protection indication. 

1 9. (previously presented) A method as in claim 1 , in which the transformation 

2 comprises insertion into the I/O data of a source indication associated with the VM. 

1 10. (original) A method as in claim 1 , in which the transformation is time- 

2 varying. 

1 11. (original) A method as in claim 1 , in which the device is a network 

2 connection device. 
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1 12. (previously presented) A method as in claim 1 1 , in which the transformation 

2 is a bandwidth limiting of the I/O data being transferred between the VM and the 

3 network connection device. 

1 13. (previously presented) A method as in claim 1 1 , in which: 

2 the requested I/O operation is a transfer of the I/O data between the VM and the 

3 network connection device; and 

4 the transformation is a time delay of the transfer. 

1 14. (previously presented) A method as in claim 1 1 , in which: 

2 the requested I/O operation is a transfer of the I/O data from the VM to a first 

3 destination address via the network connection device; 

4 the transformation is a redirection of the I/O data to a second destination address 

5 different from the first. 

1 15. (previously presented) A method as in claim 1 , in which: 

2 the device is a display; 

3 the display renders data stored in a display map; and 

4 the step of performing the transformation comprises altering a selected portion of the 

5 display map. 

1 16. (currently amended) A method as in claim 15, in which the step of altering 

2 the selected portion of the display data comprises substituting [[,]] non-defeatable 

3 display data for the selected portion. 

1 17. (previously presented) A method as in claim 15, in which the step of 

2 altering the selected portion of the display data comprises changing all occurrences in 

3 the display map of a display color to a replacement color. 
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1 18. (previously presented) A method as in claim 1 , in which: 

2 the device is a data storage device; 

3 the requested I/O operation is a transfer of data between the VM and the storage 

4 device; and 

5 the step of performing the transformation comprises changing at least a portion 

6 of the data during the transfer between the VM and the storage device. 

1 19. (previously presented) A method as in claim 18, in which the step of 

2 performing the transformation of the I/O data comprises encrypting data written by the 

3 VM to the data storage device and decrypting data read from the data storage device by 

4 the VM. 

1 20. (previously presented) A method as in claim 18, in which the step of 

2 performing the transformation of the I/O data comprises compressing data written by the 

3 VM to the data storage device and decompressing data read from the data storage 

4 device by the VM. 

1 21 . (previously presented) A method as in claim 1 , in which: 

2 the device is a network connection device; 

3 the requested I/O operation is a transfer of data between the VM and the network 

4 connection device; and 

5 the step of performing the transformation comprises changing at least a portion 

6 of the data during the transfer between the VM and the network connection device. 

1 22. (previously presented) A method as in claim 21 , in which the step of 

2 performing the transformation of the I/O data comprises encrypting data written by the 

3 VM to the network connection device and decrypting data read from the network 

4 connection device by the VM. 
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1 23. (previously presented) A method as in claim 21 , in which the step of 

2 performing the transformation of the I/O data comprises compressing data written by the 

3 VM to the network connection device and decompressing data read from the network 

4 connection device by the VM. 

1 24. (previously presented) A method as in claim 1 , in which the step of 

2 performing the transformation of the I/O data comprises cryptographic transformation of 

3 the I/O data. 

1 25. (previously presented) A method as in claim 3, in which: 

2 the VM supports a plurality of I/O modes; 

3 the step of filtering is performed on I/O data corresponding to a first one of the 

4 plurality of I/O modes; and 

5 the predetermined transformation is applied to I/O data in a second one of the I/O 

6 modes when the I/O data in the first I/O mode satisfies a transformation-triggering 

7 criterion. 

1 26. (original) A method as in claim 25, in which the I/O modes include a video 

2 mode and an audio mode. 
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1 27. (currently amended) A method for controlling input/output (I/O) of a user's 

2 computer comprising the following steps: 

3 implementing the user's computer as a virtual machine (VM); 

4 including a v i rtua l mach i no mon i tor (VMM) as a VM transparent an interface 

5 software component between the VM and a physical computer system that includes at 

6 least one device that carries out an I/O operation on the basis of device control data; 

7 storing the device control data associated with the VM in a buffer i n th e VMM ; 

8 upon sensing a transformation command from an administrative system external 

9 to the VM, entering replacement data into at least a portion of the buffer^ said 

10 replacement data being entered as a processing step that is adjunct to the necessary 

11 completion of the I/O operation; 

12 the entry of the replacement data thereby being undefeatable by any action 

13 initiated via the VM. 

1 28. (currently amended) A system for controlling input/output (I/O) operations of 

2 a user's computer, comprising: 

3 a virtual machine (VM) constituting the user's computer; 

4 a v i rtua l machino monitor (VMM) form i ng a VM transparont anjnterface software 

5 component between the VM and a physical computer system that includes at least one 

6 device; 

7 the VMM interface software component including m o ans computer-executable 

8 code : 

9 for sensing a request for an I/O operation between the VM and the device; 

10 and 

11 for performing a transformation of I/O data passing between the VM and 

12 the device, said transformation being adjunct to necessary completion of the request, as 

13 issued, for the I/O operation; 

14 the transformation of the I/O data thereby being undefeatable by any action via 

15 theVM. 
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1 29. (original) A system as in claim 28, in which the device is a display and the 

2 I/O data is VM display data. 

1 30. (currently amended) A system as in claim 29, further comprising: 

2 a display buffer w i th i n the VMM for storing the VM display data that is output from 

3 the VM and is intended for display; and 

4 ^transformation m e ans software module comprising computer-executable code 

5 within the interface software component l ocatod w i th i n tho VMM for replacing at least a 

6 portion of the VM display data stored in the display buffer with non-defeatable display 

7 data; 

8 in which the display is provided for displaying the contents of the display buffer. 

1 31 . (original) A system as in claim 28, in which the device is a data storage 

2 device. 

1 32. (original) A system as in claim 28, in which the device is a network 

2 connection device. 
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